According to the National Cyber Security Centre, “The majority of cyber security incidents are the result of attackers exploiting publicly disclosed vulnerabilities to gain access to systems and networks”. Cybercriminals’ attacks can make systems unusable, disrupt business activities or expose sensitive company information, personal data or payment card details to fraudulent and illegal use.
The most important thing small business owners can do to protect their business from attacks and data breaches is ‘patching’ the technologies they rely upon. By installing security patches or updates, business owners can close down known weaknesses before they are found and exploited by attackers.
Cybercriminals continually search for weaknesses (vulnerabilities) within operating systems, applications and software, security protocols, and coding. Cybercriminals look for unknown vulnerabilities that provide them with new ways to break into systems and gain unauthorised access to data. As soon as new vulnerabilities are publicly disclosed, attackers will look to exploit them.
Meanwhile, legitimate security researchers (‘whitehat hackers’) are working for the greater good, identifying new weaknesses and notifying the vendors/developers (for example, reporting new vulnerabilities found in Microsoft products through their Bug Bounty Program) so that fixes (security patches) can be developed and made available to the user community before public disclosure of the vulnerability.
The role of business users of the affected systems, whether they are sole traders, SMEs or larger enterprises, is to install those security updates as soon as possible before the cybercriminals come up with a way to exploit the weaknesses.
This article highlights five key aspects of vulnerability management and explores how Sysnet Protect can help your merchant customers identify and address known weaknesses.
Five key aspects to vulnerability management.
1. Know what you have
Businesses can only ensure that all of the types of technology and software that they use are kept up to date if they know what they have.
How Sysnet Protect Helps: Network Discovery Scan
This scan can detect all computers and devices connected to the business network. It helps merchants identify unauthorised devices on their network and ensure that all authorised devices are included in their vulnerability management and patching activities.
2. Use software from trusted sources, that is licensed and supported by the vendor
Apps on company mobile devices should be obtained only from trusted sources, i.e. Apple App Store or Google Play Store. Businesses also need to be aware that if the software they use is unlicensed, they won’t be able to access and install security patches the software vendor releases. Their systems will remain vulnerable.
Businesses need to make sure their systems and software are supported by the vendor. Vendors and developers will release updates for their products including security patches and new security features until they decide the product is no longer supported. Even if a vulnerability is identified, the vendor will not develop a patch for the software and operating systems they no longer support; they expect the user to migrate to a supported version of their product.
End of Support Examples:
Windows 7
Company desktops and laptops may be running on Windows 7.
Microsoft ended support for Windows 7 on 14th January 2020.
Microsoft no longer offers patches and security updates for Windows 7.
The Magento 1 e-commerce platform
The merchant’s online store may rely on Magento 1.
Magento no longer supplies security patches and software updates to address newly identified vulnerabilities affecting Magento 1.
Ecommerce sites running on Magento 1 are becoming increasingly vulnerable to security threats and data breaches.
How Sysnet Protect Helps: Out of Support OS
Initial Sysnet Protect deployment can identify the use of an out-of-support OS (Windows or Mac). Merchants are informed of the security risks and advised to upgrade.
How Sysnet Protect Helps: Webscan
Website Scanner can detect the Content Management System (e.g. Magento 1) and programming language in use.
Merchants are informed of the security risk of using an end-of-support CMS or an out-of-support version of PHP and are advised to migrate.
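The checks described in sections 1 and 2 can be illustrated with a short script. This is an added example, not Sysnet Protect code: it reconciles a discovery scan against the business's asset register and flags software past its end-of-support date. The device names, MAC addresses and the `review_estate` function are constructed for illustration, and the Magento 1 end-of-support date (30 June 2020) is supplied here rather than taken from the article.

```python
from datetime import date

# End-of-support dates. The Windows 7 date is the one stated in the article;
# the Magento 1 date (30 June 2020) is supplied for this example.
END_OF_SUPPORT = {
    ("windows", "7"): date(2020, 1, 14),
    ("magento", "1"): date(2020, 6, 30),
}

# Constructed sample data: the asset register the business maintains, keyed by MAC.
AUTHORISED = {
    "02:00:00:00:00:01": {"name": "till-pc", "software": [("Windows", "7")]},
    "02:00:00:00:00:02": {"name": "office-laptop", "software": [("Windows", "10")]},
    "02:00:00:00:00:03": {"name": "web-server", "software": [("Magento", "1")]},
}
# Constructed sample data: MAC addresses reported by a network discovery scan.
DISCOVERED = ["02:00:00:00:00:01", "02:00:00:00:00:03", "02:00:00:00:00:AA"]


def review_estate(authorised, discovered, today):
    """Reconcile scan results with the register and flag unsupported software."""
    known = {mac.lower() for mac in authorised}
    seen = {mac.lower() for mac in discovered}
    unsupported = []
    for asset in authorised.values():
        for product, version in asset["software"]:
            eos = END_OF_SUPPORT.get((product.lower(), version))
            if eos is not None and today > eos:
                unsupported.append((asset["name"], product, version, eos.isoformat()))
    return {
        "unauthorised": sorted(seen - known),   # on the network, not in the register
        "not_seen": sorted(known - seen),       # registered, but patch status unknown
        "unsupported": sorted(unsupported),     # vendor no longer issues patches
    }


if __name__ == "__main__":
    report = review_estate(AUTHORISED, DISCOVERED, date.today())
    for mac in report["unauthorised"]:
        print(f"UNAUTHORISED device on network: {mac}")
    for mac in report["not_seen"]:
        print(f"Registered device not seen by scan (patch status unknown): {mac}")
    for name, product, version, eos in report["unsupported"]:
        print(f"{name}: {product} {version} out of support since {eos}")
```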
3. If available, enable automatic updating of devices’ operating systems and applications
How Sysnet Protect Helps: Auto Update Enabled
As part of the initial Sysnet Protect engagement, the merchant is informed of the importance of keeping patch levels up to date.
If automatic update is not enabled, merchants are assisted in enabling automatic update on their systems.
Where an automatic update is not possible, businesses need to make sure that security updates are installed as soon as possible after they become available.
4. Check that the latest security updates and patches are installed
For the identified technologies and software in use, businesses must check that applicable security updates have been applied.
Manual checking of operating systems and software/apps for missing security updates:
How Sysnet Protect Helps: Vulnerability Management
Provides an endpoint software inventory and patch status report.
Proactive monitoring for OS vulnerabilities in supported systems.
Merchants are advised to update their systems and are provided with patch installation support.
Checking web applications and ecommerce websites for vulnerabilities and missing security updates
How Sysnet Protect Helps: Webscan
Performs a range of vulnerability and security checks including issues associated with SSL/TLS and HTTP Headers, known indicators of compromise and signs of website malware, common web application security risks (OWASP Top 10).
Provides website content information allowing merchants to verify only known and required scripts, links and iframes are present.
Helps merchants understand the security status of the scanned website. Results are reviewed with the merchants, who are advised to share them with their developer to address the security risks.
5. Protect endpoints from exploitation of zero day vulnerabilities
A zero day vulnerability is a discovered software flaw that is unknown to the software vendor and for which no security patch exists. Cybercriminals write code to target those specific security weaknesses: a ‘zero day exploit’. Signature-based security defences and anti-malware protection are unable to protect endpoint devices against zero day exploits.
Businesses need to practise defence in depth to protect their systems against zero day attacks – including maintaining their system patch levels, educating staff so they know how to protect themselves against social engineering, and using security tools and technologies to detect suspicious activity and prevent attacks.
How Sysnet Protect Helps: Endpoint protection
Includes several layers of device protection. Deviations from normal or baseline states can be detected and actions triggered to prevent compromise.
Offers dynamic (behaviour-based) analysis of potential malware. A threat can be inferred from observed behaviour.
Zero day attacks can be blocked even before the code string patterns (signatures) for the exploits are written into anti-malware signature databases.
How Sysnet Protect Helps Your Merchant Customers Manage and Address Vulnerabilities:
You can offer all of your merchant customers vulnerability management support for their Windows and Mac endpoint computers; this service is not linked to or dependent on Advanced Endpoint Protection.
You can engage and educate your merchants in understanding and addressing the security risks associated with using unsupported operating systems and unpatched software.
The Sysnet Service Operations Centre proactively monitors for the release of newly discovered critical vulnerabilities, runs vulnerability reports of the managed merchant estate and follows up with any exposed merchants that are identified.
Mature, proactive data security programmes can achieve <95% patch compliance across the subscribed merchant estate.
You can offer website scanning to all of your merchant customers with an online presence; the Webscan service is not linked to or dependent on other Sysnet Protect tools.
The Sysnet Service Operations Centre helps your merchant customers to understand the web scan results and engage their developer in addressing the issues identified.
You can offer your merchant customers protection against zero-day exploits of their Windows and Mac endpoint computers.